Found 6 bookmarks
Custom sorting
Censorship Attack against the Tor network
Censorship Attack against the Tor network
In the last few days, many Tor relay operators - mainly hosting relay nodes on providers like Hetzner - began receiving abuse notices. All the abuses reported many failed SSH login attempts - part of a brute force attack - coming from their Tor relays. Tor relays normally only transport traffic between a guard and an exit node of the Tor network, and per-se should not perform any SSH connections to internet-facing hosts, let alone performing SSH brute force attacks.
#osservatorionessuno#EN#2024#Tor#network#spoofing#attack#relays#SSH
·osservatorionessuno.org·
Censorship Attack against the Tor network
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
  • Trend Micro researchers observed an attacker exploiting the Atlassian Confluence vulnerability CVE-2023-22527 to achieve remote code execution for cryptomining via the Titan Network. The malicious actor used public IP lookup services and various system commands to gather details about the compromised machine. The attack involved downloading and executing multiple shell scripts to install Titan binaries and connect to the Titan Network with the attacker’s identity. * The malicious actor connects compromised machines to the Cassini Testnet, which allows them to participate in the delegated proof of stake system for reward tokens.
#trendmicro#EN#2024#Titan#Network#Confluence#exploitation#Atlassian#vulnerability#CVE-2023-22527
·trendmicro.com·
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Stargazers Ghost Network
Stargazers Ghost Network
  • Check Point Research identified a network of GitHub accounts (Stargazers Ghost Network) that distribute malware or malicious links via phishing repositories. The network consists of multiple accounts that distribute malicious links and malware and perform other actions such as starring, forking, and subscribing to malicious repositories to make them appear legitimate. This network is a highly sophisticated operation that acts as a Distribution as a Service (DaaS). It allows threat actors to share malicious links or malware for distribution through highly victim-oriented phishing repositories. Check Point Research is tracking the threat group behind this service as Stargazer Goblin. The group provides, operates, and maintains the Stargazers Ghost Network and distributes malware and links via their GitHub Ghost accounts. The network distributed all sorts of malware families, including Atlantida Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine. Our latest calculations suggest that more than 3,000 active Ghost accounts are part of the network. Based on core GitHub Ghost accounts, we believe that the network began development or testing on a smaller scale for the first time around August 2022. Check Point Research discovered an advertiser in Dark-Web forums that provides the exact GitHub operation. The first advertisement was published on July 8, 2023, from an account created the previous day. Based on the monitored campaigns from mid-May to mid-June 2024, we estimate that Stargazer Goblin earned approximately $8,000. However, we believe that this amount is only a small fraction of what the actor made during that period. The total amount during the operations’ lifespan is estimated to be approximately $100,000. * Stargazers Ghost Network appears to be only one part of the grand picture, with other Ghost accounts operating on different platforms, constructing an even bigger Distribution as a Service universe.
#checkpoint#EN#2024#research#Stargazers#Ghost#Network#GitHub#dark-web
·research.checkpoint.com·
Stargazers Ghost Network
Hundreds of network operators’ credentials found circulating in Dark Web
Hundreds of network operators’ credentials found circulating in Dark Web
Following a recent and highly disruptive cyberattack on telecom carrier Orange España the cybersecurity community needs to rethink its approach to safeguarding the digital identity of staff involved in network engineering and IT infrastructure management. Orange España is the second-largest mobile operator in Spain. In early January, an attacker going by the alias ‘Snow’ hijacked Orange España’s RIPE Network Coordination Centre (NCC) account. RIPE is Europe’s regional Internet registry. After this initial breach, Snow sabotaged the telecommunications firm’s border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.
#resecurity#EN#2024#network#operators#credentials#darkweb#RIPE#BGP
·resecurity.com·
Hundreds of network operators’ credentials found circulating in Dark Web